feat: Allow local certificates to be used by Caddy

Author: thePanz

README.md

@@ -33,8 +33,9 @@ A [Docker](https://www.docker.com/)-based installer and runtime for the [Symfony
 3. [Support for extra services](docs/extra-services.md)
 4. [Deploying in production](docs/production.md)
 5. [Debugging with Xdebug](docs/xdebug.md)
-6. [Using a Makefile](docs/makefile.md)
-7. [Troubleshooting](docs/troubleshooting.md)
+6. [TLS Certificates](docs/tls.md)
+7. [Using a Makefile](docs/makefile.md)
+8. [Troubleshooting](docs/troubleshooting.md)
 
 ## License
 

docker/caddy/Caddyfile

@@ -5,6 +5,8 @@
 
 {$SERVER_NAME}
 
+{$CADDY_EXTRA_CONFIG}
+
 log
 
 route {

docs/tls.md

@@ -0,0 +1,38 @@
+# TLS Certificates
+
+## Trusting the Authority
+
+With a standard installation, the authority used to sign certificates generated in the Caddy container is not trusted by your local machine.
+You must add the authority to the trust store of the host :
+
+```
+# Mac
+$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
+# Linux
+$ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
+# Windows
+$ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
+```
+
+## Using Custom TLS Certificates
+
+By default, Caddy will automatically generate TLS certificates using Let's Encrypt or ZeroSSL.
+But sometimes you may prefer using custom certificates.
+
+For instance, to use self-signed certificates created with [mkcert](https://github.com/FiloSottile/mkcert) do as follows:
+
+1. Locally install `mkcert`
+2. Create the folder storing the certs: 
+   `mkdir docker/caddy/certs -p`
+3. Generate the certificates for your local host (example: "server-name.localhost"):
+   `mkcert -cert-file docker/caddy/certs/tls.pem -key-file docker/caddy/certs/tls.key "server-name.localhost"`
+4. Add these lines to the `./docker-compose.override.yml` file about `CADDY_EXTRA_CONFIG` environment and volume for the `caddy` service :
+    ```diff
+    caddy:
+    +  environment:
+    +    CADDY_EXTRA_CONFIG: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
+      volumes:
+    +    - ./docker/caddy/certs:/etc/caddy/certs:ro
+        - ./public:/srv/app/public:ro
+    ```
+5. Restart your `caddy` container

docs/troubleshooting.md

@@ -4,18 +4,11 @@
 
 If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker compose run --rm php chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
 
-## Fix Chrome/Brave SSL
-
-If you have a TLS trust issues, you can copy the self-signed certificate from Caddy and add it to the trusted certificates :
-
-    # Mac
-    $ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /tmp/root.crt && sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/root.crt
-    # Linux
-    $ docker cp $(docker compose ps -q caddy):/data/caddy/pki/authorities/local/root.crt /usr/local/share/ca-certificates/root.crt && sudo update-ca-certificates
-    # Windows
-    $ docker compose cp caddy:/data/caddy/pki/authorities/local/root.crt %TEMP%/root.crt && certutil -addstore -f "ROOT" %TEMP%/root.crt
-
 ## HTTPs and Redirects
 
 If Symfony is generating an internal redirect for an `https://` url, but the resulting url is `http://`, you have to uncomment the `TRUSTED_PROXIES` setting in your `.env` file.
 For more details see the [Symfony internal redirect documentation](https://symfony.com/doc/current/routing.html#redirecting-to-urls-and-routes-directly-from-a-route).
+
+## TLS/HTTPS Issues
+
+See more in the [TLS section](tls.md)